github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/prometheus-community/prometheus-adapter/templates/certmanager.yaml (about) 1 {{- if .Values.certManager.enabled -}} 2 --- 3 # Create a selfsigned Issuer, in order to create a root CA certificate for 4 # signing webhook serving certificates 5 apiVersion: cert-manager.io/v1 6 kind: Issuer 7 metadata: 8 name: {{ template "k8s-prometheus-adapter.fullname" . }}-self-signed-issuer 9 namespace: {{ include "k8s-prometheus-adapter.namespace" . }} 10 {{- if .Values.customAnnotations }} 11 annotations: 12 {{- toYaml .Values.customAnnotations | nindent 4 }} 13 {{- end }} 14 labels: 15 {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} 16 spec: 17 selfSigned: {} 18 --- 19 # Generate a CA Certificate used to sign certificates for the webhook 20 apiVersion: cert-manager.io/v1 21 kind: Certificate 22 metadata: 23 name: {{ template "k8s-prometheus-adapter.fullname" . }}-root-cert 24 namespace: {{ include "k8s-prometheus-adapter.namespace" . }} 25 {{- if .Values.customAnnotations }} 26 annotations: 27 {{- toYaml .Values.customAnnotations | nindent 4 }} 28 {{- end }} 29 labels: 30 {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} 31 spec: 32 secretName: {{ template "k8s-prometheus-adapter.fullname" . }}-root-cert 33 duration: {{ .Values.certManager.caCertDuration }} 34 issuerRef: 35 name: {{ template "k8s-prometheus-adapter.fullname" . }}-self-signed-issuer 36 commonName: "ca.webhook.prometheus-adapter" 37 isCA: true 38 --- 39 # Create an Issuer that uses the above generated CA certificate to issue certs 40 apiVersion: cert-manager.io/v1 41 kind: Issuer 42 metadata: 43 name: {{ template "k8s-prometheus-adapter.fullname" . }}-root-issuer 44 namespace: {{ include "k8s-prometheus-adapter.namespace" . }} 45 {{- if .Values.customAnnotations }} 46 annotations: 47 {{- toYaml .Values.customAnnotations | nindent 4 }} 48 {{- end }} 49 labels: 50 {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} 51 spec: 52 ca: 53 secretName: {{ template "k8s-prometheus-adapter.fullname" . }}-root-cert 54 --- 55 # Finally, generate a serving certificate for the apiservices to use 56 apiVersion: cert-manager.io/v1 57 kind: Certificate 58 metadata: 59 name: {{ template "k8s-prometheus-adapter.fullname" . }}-cert 60 namespace: {{ include "k8s-prometheus-adapter.namespace" . }} 61 {{- if .Values.customAnnotations }} 62 annotations: 63 {{- toYaml .Values.customAnnotations | nindent 4 }} 64 {{- end }} 65 labels: 66 {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} 67 spec: 68 secretName: {{ template "k8s-prometheus-adapter.fullname" . }} 69 duration: {{ .Values.certManager.certDuration }} 70 issuerRef: 71 name: {{ template "k8s-prometheus-adapter.fullname" . }}-root-issuer 72 dnsNames: 73 - {{ template "k8s-prometheus-adapter.fullname" . }} 74 - {{ template "k8s-prometheus-adapter.fullname" . }}.{{ include "k8s-prometheus-adapter.namespace" . }} 75 - {{ template "k8s-prometheus-adapter.fullname" . }}.{{ include "k8s-prometheus-adapter.namespace" . }}.svc 76 {{- end -}}